A colleague recently made me aware of System Center Advisor (SCA) – this is a cloud service offered by Microsoft that analyses local servers and workloads, recording configurations and offering useful advice for proactively keeping them working at their best. I wasn’t familiar with it, so decided to take a closer look.
The product was born from a desire to reduce the number of “common issue” support cases that Microsoft see – where they hear the symptoms and know very quickly that a particular patch, or config change, will solve the issue. By feeding information about a customer’s systems to Microsoft, they can then advise on any necessary actions to take, hopefully before it has any impact on a running service.
Lync 2010 support was added to the offering in November 2012, on top of the previously supported Windows Server, SQL Server, SharePoint and Exchange. Lync 2013 support is not yet present at time of writing, but expected soon. A recent development is that Microsoft has made SCA available to all licenced customers, where previously it was a benefit offered only to Software Assurance customers.
There is a Microsoft Virtual Academy course on SCA available, with about an hour of material giving a good overview, although some details have changed since it was published. Some of the info here is taken from that course.
Sign-up and installation
A Microsoft account (aka Live ID, Passport, etc.) is needed to get started. One account can be used for multiple monitored organisations, useful for companies that support more than one customer.
Once logged in, it’s a simple process to download the installer and a certificate.
At least one “gateway” is needed, which will be a machine that can reach the internet. “Agents” run on each monitored server and report their results up to the gateway. The gateway then passes this on to the SCA service which is hosted on Microsoft’s Azure platform. The installer covers both roles, and has 32 and 64 bit versions included.
Data is only sent once a day, so unless you hurry the process up with some manual intervention, you won’t see much for up to 24 hours.
A dashboard view gives a summary of alerts.
The main alerts view. All columns can be immediately sorted and filtered without refreshing, and the lower pane gives more detail about the issue, including a link to the relevant solution or KB article. Microsoft are trying to avoid the need to trawl the internet by taking you straight to the most relevant solution.
Once SCA detects that the issue has been resolved (for example, by applying a recommended patch), it will automatically close the issue. You can also manually ignore an issue to avoid seeing it.
Going in to the alert rules shows us the various scenarios that will generate an alert – this will include items such as a certificate expiring soon, or a misconfigured network interface.
Configuration data is viewable within SCA. It is not intended to be an exhaustive list, but the most useful data needed to solve support issues. This is available both as a current snapshot of settings:
..and as a configuration history. This can be particularly useful as one of the first questions in a support case is “what has changed recently?”. This records the setting, both previous and new values and when the change occurred.
Finally, we have screens showing lists of monitored servers (this is also where we set up new servers) and user accounts. Any additional users also need to have a Microsoft account to access the service.
Under the covers
The agent installed for SCA is the System Center Operations Manager 2007 R2 agent. If an existing agent is found on a monitored server, it will work alongside – effectively the server will go on being monitored by the existing SCOM agent but also send some data to SCA. This will also work side-by-side with the SCOM 2012 agent.
Data sent from the agent to gateway and on to Microsoft is all readable XML files, so it is easy to see what is (and is not) being sent outside the organisation. Uploads are archived locally (for 5 days by default) so that you can read the contents.
The agent needs about 75MB of system memory, and needs about 150KB of network traffic per server per day.
Microsoft go to great lengths to stress security and privacy of the data collected – they do not share any data with third parties, and will not use it for sales or licence validation purposes. They do not have any visibility of servers that do have the agent deployed to them. The SCA account can be closed at any time and removal of data will happen within 90 days.
Communication between agents and the gateway is over port 80 by default. Uploads from the gateway to Microsoft are via HTTPS.
What does it NOT do?
SCA is not intended to be a real-time monitoring service. Data is only uploaded every 24 hours. A proper monitoring solution such as SCOM is recommended if you need to know when workloads are:
- Causing business impact or downtime
It also does not cover every possible scenario, or recommend every patch that may be necessary – just what Microsoft CSS commonly see in support cases. It is still a great idea to implement change control, and to review published patches to see if they are applicable to your environment.
Now that SCA is effectively free to all licenced Microsoft customers, it is well worth evaluating.
I think the most benefit comes to smaller organisations, who may not have specialist teams looking after specific products, do not have any formal change control and don’t usually have time to rigorously check for new patches. Being informed of a possible problem and taken straight to the relevant page for the fix could save a lot of time. These orgs will often pay for individual support cases with Microsoft too, so if they can avoid a common issue, it saves them money too.
Where there is no in-house knowledge of products like Lync, SharePoint or Exchange, they may defer to an outside company or consultant for support, and this is a great way to give them an overview of the environment and keep them informed about any recommended work.
Larger organisations will typically be using a monitoring product such as SCOM, and have good processes in place for regularly patching servers and performing health checks. It may still be worth their while to use SCA, as it is easy for some items to be overlooked, such as expiring certificates, and as a reassurance that their systems are being managed properly.